search

ysbaddaden / prax.cr

Rack proxy server for development (Crystal port)
Other
152 stars 18 forks source link

Cookies still getting combined into one header #85

Closed stephenh closed 5 years ago

stephenh commented 5 years ago

I believe prax is still combining cookie headers. However, I'm confused because it looks like this was supposed to be fixed in #32.

Most of my team uses pow, but I'm using prax, and was having trouble authing against our www.<us>.localhost because my csrf_token cookie was not being set.

When accessing our app directly (w/o prax via the production domain), I get back three set-cookie values when I look in chrome's network tab:

set-cookie: locale=en; domain=www.example.com
set-cookie: csrf_token=...uuid...; domain=.example.com; path=/
set-cookie: auth_token=...jwt...; domain=www.example.com; path=/; secure; HttpOnly

However, when using prax, I get back a single set-cookie cookie header:

set-cookie: locale=en; domain=.example.localhost, csrf_token=...uuid...; domain=.example.localhost; path=/, auth_token=...jwt...; domain=.example.localhost; path=/; HttpOnly

I'm using prax 0.8.1:

$ prax --version
Prax 0.8.1-1 (2018-12-08)

And latest chrome, Version 75.0.3770.100 (Official Build) (64-bit)...

It seems like prax shouldn't be doing this, right? Any ideas?